Vulnerability Details : CVE-2023-33175
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI uses Flask-Caching (SimpleCache) to store user variables. Websites that use the `Website.user_vars` property are affected. The issue affects versions 2.0.1 to 2.4.0 and has been patched in version 2.4.1.
Products affected by CVE-2023-33175
- cpe:2.3:a:toui_project:toui:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33175
- EPSS score: 0.47% (probability of exploitation activity in the next 30 days)
- Percentile: ~63% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-33175
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | GitHub, Inc. | |
CWE ids for CVE-2023-33175
- The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. Assigned by: nvd@nist.gov (Primary)
- The product does not properly restrict reading from or writing to dynamically-identified variables. Assigned by: security-advisories@github.com (Secondary)
References for CVE-2023-33175
- https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1
  Release v2.4.1 · mubarakalmehairbi/ToUI · GitHub (Release Notes)
- https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563
  User-specific variables are shared between users · Advisory · mubarakalmehairbi/ToUI · GitHub (Vendor Advisory)